June 2010 Handout: WordPress Security Basics

Things change rapidly in the WordPress world. The content in this post is more than a year old and may no longer represent best practices.

Sources for the Presentation

Sallie’s Security Bookmarks (updated regularly)

Protecting WordPress from the Inside Out (a brilliant presentation by Syed Balkhi)

Hardening WordPress (the original Codex article)

WordPress Security Presentation by Brad Williams (from WordCamp Montreal 2009)

Top 5 WordPress Security Tips You Probably Don’t Follow (WordPress Tavern Guest Post)

Keeping Your Self-Hosted WordPress Blog Secure (by Marcelo Lewin)

How to Improve Basic Security on a Fresh WordPress Install (Weblog Tools Collection)

More Plugins for Securing Your WordPress Install (Weblog Tools Collection)

WordPress Security Monitoring and Diagnosis (Weblog Tools Collection)

Latest WordPress Hacks: It’s Your Responsibility (Mark.Watero.us)

Security Plugins

AntiVirus (An A-V program just for WordPress)

Automatic WordPress Backup (Backs up your WP files and DB to Amazon S3)

Secure WordPress (Conflicts with WordPress Firewall)

ServerBuddy by PluginBuddy (Checks for security flaws and plugin compatibility)

Theme Authenticity Checker (Checks for spam links in your themes)

WordPress Database Backup (Scheduled or manual backups of your WP database)

WordPress Exploit Scanner (Checks for signs that you’ve been hacked. Results can be confusing to non-geeks)

WordPress File Monitor (E-mails you every time a file has been changed)

WordPress Firewall (Blocks suspected attacks; conflicts with Secure WordPress)

WordPress Security Scan (Scans for file permissions; lets you change WP table prefix)
